Google’s Threat Analysis Group (TAG) has managed to acquire a hacker tool named Hyperscape that can be used to download complete inboxes from most popular e-mail platforms like Microsoft Outlook, Gmail, Yahoo, and others.
TAG team is currently running various simulations to get more information on how this tool can be used.
According to Google, Hyperspace can work on attackers’ endpoints and therefore victims don’t have to run any malware like a trojan horse for Hyperspace to get access to their inboxes. For a tool to be deployed, hackers have to get access to users’ account credentials or session cookies.
It seems that the Hyperspace tool can trick the email service into thinking that it is being accessed by outdated browsers. To be able to display the inbox properly, the email server switches to a basic HTML view. After that, the tool changes the inbox language to English and starts opening and downloading emails one by one in .eml format.
In order to stay undetected, the tool is only accessing emails that have been marked as read. Once done, the tool deletes any warning emails and reverts inbox language to its original state.
It appears that the Hyperscape tool is currently targeting email accounts located in Iran, but other hackers group could acquire this tool to target any other inbox they want.